{"id":357740,"date":"2026-01-14T00:05:00","date_gmt":"2026-01-14T08:05:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=406869"},"modified":"2026-01-14T00:58:37","modified_gmt":"2026-01-14T08:58:37","slug":"the-important-web-skimming-campaign-aimed-at-payment-networks","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/the-important-web-skimming-campaign-aimed-at-payment-networks\/","title":{"rendered":"The important web skimming campaign aimed at payment networks"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Cybersecurity researchers have discovered a significant <strong>active web skimming campaign since January 2022, targeting prominent payment networks such as American Express, Mastercard, and others<\/strong>. This malicious activity falls within a category of attacks known as Magecart, which initially focused on sites using the Magento platform but has diversified its reach, now affecting various e-commerce portals.<\/p>\n\n\n<h2 class=\"wp-block-heading\">Sophisticated Threat<\/h2>\n\n\n<p class=\"wp-block-paragraph\">The attack involves compromising legitimate e-commerce sites and <strong>injecting malicious JavaScript code that steals sensitive credit card information and other personal data during the checkout process<\/strong>. Researchers from Silent Push identified this campaign after analyzing a suspicious domain associated with a hosting provider known for its illicit activity, which has attempted to evade sanctions by changing its name.<\/p>\n\n\n<p class=\"wp-block-paragraph\">The domain in question hosts highly obfuscated JavaScript payloads designed to facilitate credit card skimming. <strong>This skimmer has the ability to evade detection by site administrators<\/strong>, as it checks the structure of the Document Object Model for specific elements that indicate an administrator user is present. If it detects the presence of these elements, it initiates a self-destruction sequence to eliminate any trace of its code.<\/p>\n\n\n<p class=\"wp-block-paragraph\">Additionally, the skimmer can manipulate payment forms.<strong> If it identifies that Stripe was selected as the payment method, the threat creates a fake form that deceives victims into entering their credit card information<\/strong>, which includes the CVC verification code and expiration dates. At the end of the process, the stolen data is sent to a designated server, putting users&#8217; personal information at risk.<\/p>\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/2\/2026\/01\/ciber-42.jpg\" alt=\"\" class=\"wp-image-406870\"\/><\/figure>\n\n\n<p class=\"wp-block-paragraph\">This sophisticated operation highlights the level of knowledge that attackers have about the features of WordPress, even integrating lesser-known functions into their attack chain, which raises <strong>serious concerns for companies managing online stores.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have discovered a significant web skimming campaign active since January 2022, targeting prominent payment networks such as American Express, Mastercard, and others. This malicious activity falls within a category of attacks known as Magecart, which initially focused on sites using the Magento platform but has diversified its reach, now affecting various e-commerce portals. Sophisticated threat The attack involves compromising legitimate e-commerce sites and injecting malicious JavaScript code that steals sensitive credit card information and other personal data during the process [&hellip;]<\/p>\n","protected":false},"author":9317,"featured_media":357741,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[20707,18858,5605,20708],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-357740","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-ataque-web","tag-cibersecurity","tag-ciberseguridad","tag-skimming-web"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/357740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9317"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=357740"}],"version-history":[{"count":2,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/357740\/revisions"}],"predecessor-version":[{"id":357748,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/357740\/revisions\/357748"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/357741"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=357740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=357740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=357740"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=357740"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=357740"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=357740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}